I'm unable to configure mutual TLS in the "Custom domain names" option of API Gateway.
Below are the steps I have followed to configure mutual TLS:
I have a root account and its child account.
Root Account Steps:
- Created a new client certificate using "client certificates" option of API Gateway in root account.
- Downloaded the new certificate. The new certificate file name is qde1ca.cert. Renamed the qde1ca.cert file using mv qde1ca.cert gateway.truststore.pem.
- Uploaded gateway.truststore.pem file to a directory application-truststore of S3 bucket of Root Account. The S3 bucket name is integrations-us-east-1. The directory has version enabled. So, my S3 file path is s3://integrations-us-east-1/application-truststore/gateway.truststore.pem
- Noted Object URI and Version ID of the newly uploaded gateway.truststore.pem file.
Child Account Steps:
- In child account, I tried to configure mutual TLS of Custom domain name of API Gateway.
  - Enabled Mutual TLS authentication option.
  - Configure Truststore URI as the Object URI (s3://integrations-us-east-1/application-truststore/gateway.truststore.pem).
  - Truststore version as Version ID of the newly uploaded gateway.truststore.pem file.
- Saved this configuration.
When I test using the frontend that invokes the APIs of API Gateway, it seems that the APIs are not executing.
However, when I reset the mutual TLS configuration using the OLD values of Object URI and Version ID, the APIs in API Gateway work correctly!!!
What am I missing in the new mutual TLS configuration of the Custom domain names configuration of API Gateway?